hook
Warn
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions require the agent to read
~/.claude/settings.json. Accessing the primary configuration file for the agent environment can expose sensitive configuration details or metadata. - [PROMPT_INJECTION]: The skill processes untrusted data from log files and hook descriptions, which may contain content from external tool outputs, creating a vulnerability to indirect prompt injection.
- Ingestion points: The agent reads from
~/.claude/logs/hook_metrics.jsonland files within~/.claude/hooks/. - Boundary markers: Absent. The skill does not provide instructions to the agent to treat content within these files as untrusted or to ignore embedded instructions.
- Capability inventory: The skill performs file read operations on
settings.json,hooks/, andlogs/, and performs file write operations to~/.claude/hooks/.disabled. - Sanitization: Absent. No validation or filtering is specified for the data parsed from configuration or log files before it is processed or displayed.
- [COMMAND_EXECUTION]: The skill's operational logic involves several file system operations, including scanning directories, reading JSON files, and updating configuration files, which the agent executes using its internal tools.
Audit Metadata